Resources and Feeds (TLP:WHITE)
- Critical CVE/CVSS definition: AttackVector == Network AND PrivilegesRequired == None AND UserInteraction == None AND (privilege escalation OR RCE)
- Rayvyn CVE aggregator and research tool
- See also our DDoS-specific logbook
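The criticality rule above can be applied mechanically to a CVSS v3.x vector; the parser and rule check below are an added example, not part of the original logbook or of Rayvyn. The vector metrics cover the first three clauses; the "privilege escalation OR RCE" clause cannot be read from the vector and is passed in by the analyst as a flag taken from the advisory text.

```python
"""Triage helper for the logbook's "critical" rule (added example).

Parses a CVSS v3.0/3.1 base vector and applies:
  AttackVector == Network AND PrivilegesRequired == None AND
  UserInteraction == None AND (privilege escalation OR RCE).
The last clause is supplied by the caller (rce_or_privesc), because a
vector string alone does not say whether the impact is RCE or a DoS.
"""
import re

# One metric of a CVSS v3.x vector, e.g. "AV:N" or "PR:L".
_METRIC_RE = re.compile(r"^([A-Z]+):([A-Z])$")
_BASE_METRICS = {"AV", "AC", "PR", "UI", "S", "C", "I", "A"}


def parse_cvss_vector(vector):
    """Return {metric: value} for a CVSS:3.0/3.1 base vector.

    Raises ValueError for a wrong prefix, a malformed metric, or a
    vector that lacks any of the eight base metrics.
    """
    parts = vector.strip().split("/")
    if parts[0] not in ("CVSS:3.0", "CVSS:3.1"):
        raise ValueError("not a CVSS v3.x vector: %r" % vector)
    metrics = {}
    for part in parts[1:]:
        m = _METRIC_RE.match(part)
        if not m:
            raise ValueError("malformed metric %r" % part)
        metrics[m.group(1)] = m.group(2)
    missing = _BASE_METRICS - metrics.keys()
    if missing:
        raise ValueError("missing base metrics: %s" % sorted(missing))
    return metrics


def is_unauth_remote(metrics):
    """Vector half of the rule: network-reachable, no privileges, no user interaction."""
    return metrics["AV"] == "N" and metrics["PR"] == "N" and metrics["UI"] == "N"


def is_critical(vector, rce_or_privesc):
    """Full logbook rule; rce_or_privesc is the analyst's reading of the advisory."""
    return is_unauth_remote(parse_cvss_vector(vector)) and rce_or_privesc


if __name__ == "__main__":
    # Vector quoted on this page for CVE-2021-0211 (Juniper BGP FlowSpec, a DoS):
    junos = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H"
    print("unauth remote:", is_unauth_remote(parse_cvss_vector(junos)))  # True
    print("critical per rule:", is_critical(junos, rce_or_privesc=False))  # False
```

The Junos vector scores CVSS 10.0 yet does not meet the logbook's rule, which is the point of the extra clause: a DoS with AV:N/PR:N/UI:N is still not "critical" in this feed's sense.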
2020-Edition
- GOTO 2020-Edition
2021-11-11 [+]
- 0day alert: Randori discovered and used a Palo Alto Networks GlobalProtect VPN zero-day (CVE-2021-3064) for a year before disclosing the issue to the vendor.
2021-10-22 [+]
- New DDoS extortion campaign hits multiple mail providers
2021-10-06 [+]
- Apache RCE is exploited ITW
2021-09-22 [+]
- State-sponsored DDoS: CERT-PH confirmed that the Philippine Army was behind a DDoS attack on some news outlets
2021-09-16 [+]
- OMIGOD bug (RCE in a preinstalled software component) hit Azure with PoCs but no updates being available within 12hrs
- DDoS hit Belgian ISP EDPnet, attack spans multiple days
- DDoS against Kiwibank and MetService in New Zealand
2021-09-09 [+]
- 500,000 Fortinet VPN accounts leaked on a ransomware forum
- "Fancy Lazarus Armada Bear" DDoS gang has been sighted (probably) hitting UK VoIP providers and now mocking REvil (most probably these guys:)
- New Mēris botnet breaks DDoS record with 21.8 million RPS attack
2021-09-02 [+]
- MS Exchange ProxyToken (CVE-2021-33766) allows for auth bypass and changing mailbox settings, 43k systems affected
- Confluence OGNL injection leads to RCE (CVE-2021-26084); public PoCs and mass exploitation started
2021-08-18 [+]
- Cloudflare reports a 17 million RPS Layer 7 DDoS attack
2021-08-07 [+]
- ProxyShell: the next mass exploitation of Exchange servers with a pre-auth RCE has been sighted, chaining multiple vulns to achieve RCE and install webshells onto affected machines.
2021-07-21 [+]
- Fortinet's FortiManager/FortiAnalyzer have a serious pre-auth RCE (Advisory)
2021-07-14 [+]
- Serv-U FTP from SolarWinds has a critical pre-auth RCE that has been observed to be exploited in the wild
- ForgeRock OpenAM has a critical pre-auth RCE (CVE-2021-35464), PoCs are already out
2021-06-07 [+]
- DDoS against Fiducia GAD leads to disruption of online banking and services for German banks
- PoCs for vCenter RCE (CVE-2021-21985) are released on Twitter
- [PrintNightmare] - a 0day against the Microsoft Print Spooler which allows an unprivileged user a domain takeover, had been released accidentally
- Supply chain attack against Kaseya VSA leads to mass exploitation and ransomware attacks against thousands of companies
2021-05-31 [+]
- VMware vCenter RCE with PoCs already available (test only, but fully working PoCs can be expected soon); vuln scan activities had been observed as well (NIST)
2021-05-14 [+]
- tsuNAME, a very effective DDoS attack against authoritative DNS servers, published
- DDoS against The Record after critical articles
- DDoS extortion is back: large DDoS against ISP BlackKnight
2021-05-05 [+]
- Exim vulns: Qualys discovered 21 Nails in the coffin for Exim; some of them might be chained for total system takeover, see SB 21.11
- Belgian Parliament faces a massive DDoS
2021-04-22 [+]
- SonicWall Email Security 0day
- QNAP ransomware
2021-04-20 [+]
- Out-of-Cycle Advisory: Pulse Connect Secure RCE vulnerability (CVE-2021-22893) with 0-day exploitation seen in the wild since early 2021. First details about the vuln are out, so expect working PoCs and mass exploitation soon. Additionally, a check tool/integrity scanner has been released by Pulse Secure.
- Another supply chain attack discovered, against Codecov, a tool used by a lot of (open|closed) source projects like Atlassian, Ansible, etcd, radare ... here is a list. tl;dr: if you are using this tool, your cloud credentials and code could be compromised. The malicious snippet was introduced in January. (Reuters)
- DC operators, be prepared: ransomware gangs are starting to target Unix systems as well
- A malicious favicon on code.microsoft.com: subdomain takeover or internal red teaming?
2021-03-15 [+]
- ProxyLogon DFIR resources, timelines, and PoCs (CVE-2021-26855)
- F5 BIG-IP has some critical vulns in the control plane (TMUI) and data plane, with the most severe (CVE-2021-22986) leading to RCE; for a simple DoS, PoC code has been released
- MS DNS Server RCE (CVE-2021-26897) (yes, again)
- Juniper 2021-01 Security Bulletin (Junos OS): upon receipt of a specific BGP FlowSpec message, network traffic may be disrupted (CVE-2021-0211). CVSS score: 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H)
2021-03-02 [+]
- Microsoft issued an emergency patch for Exchange; you will find more details, resources and updates in our security bulletin [ SB 21.07 ]
2021-02-25 [+]
- Unauthorized RCE in VMware vCenter (CVE-2021-21972), with a detailed article by PTSwarm: Unauthorized RCE in VMware vCenter; a PoC is already circulating 24hrs after release
- BIND servers are vulnerable to a DoS and possible RCE when used with a common but non-default config, see NIST and the corresponding article from ZDI
- SaltStack: multiple vulns and RCE
2021-02-02 [+]
- Zyxel starts 2021 with a backdoor in various firewalls and VPN products; a scanner is available
- FortiWeb has some serious flaws released by PTSwarm (SQLi CVE-2020-29015, unauth buffer overflow CVE-2020-29016 + CVE-2020-29019) but no PoCs seen so far
- Accellion FTA seems to have an incomplete fix for their 2020 bug, affecting multiple customers as news reports suggest
- dnsmasq has some serious flaws (cache poisoning, buffer overflows) that come with the first named vuln (DNSpooq) of 2021, but the advisory is a great read
- Cisco had a couple of critical vulns in its SD-WAN product line
- SonicWall has a 0day in its SMA x00 series, and reports surface that they might have been hacked by that very 0-day. A private PoC exists and attacks were seen in the wild, according to NCC. Additionally, an older 0day PoC against SonicWall VPN gateways was published
- Ransomware gangs are now using DDoS attacks as well
Questions? Contact: info@zero.bs